Pale Moon Version 31.3.0 Released with Security Updates

Started by Corrine, September 27, 2022, 02:08:35 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Corrine

Pale Moon has been updated to version 31.3.0.  This is a major development, bugfix, and security update.

Linux versions will follow shortly.

Changes/Fixes:

  • Implemented .at(index) JavaScript method on built-in indexables (Array, String, TypedArray).
  • Implemented the use of EventSource in workers.
  • Enabled the sending of the Origin: header by default on same-origin requests.
  • Changed how Pale Moon is built. We are now using Visual Studio 2022 on Windows, and have made build system changes to reduce build times and pressure on the linker on all platforms.
  • Changed how Pale Moon handles standalone wave audio files (.wav). See implementation notes.
  • Improved string normalization.
  • Updated the handling of CSS "supports" to now accept unparenthesized strings (spec update).
  • Updated the handling of flex containers in web pages for web compatibility.
  • Fixed various issues when building for Mac OS X.
  • Fixed various C++ standard conformance issues in the source code.
  • Fixed several issues building on SunOS and Linux with various configurations and gcc versions.
  • Fixed an issue with regular expressions' dotAll syntax and usage. See implementation notes.
  • Switched custom hash map to std::unordered_map where prudent.
  • Cleaned up and updated IPC thread locking code.
  • Removed spacing for accessibility focus rings in form controls to align styling of them with expected metrics.
  • Removed the unnecessary control module for building with non-standard configurations of the platform.
  • Removed the -moz prefix from min-content and max-content CSS keywords where it was still in use.
  • Security fixes: CVE-2022-40956 and CVE-2022-40958.
  • UXP Mozilla security patch summary: 2 fixed, 11 not applicable.

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

**Rejected security patches: This means that patches were theoretically applicable to our code but considered undesirable, which could be due to unwanted changes in behavior, known regressions caused by the patches, or unnecessary risks for stability, security or privacy.
Pale Moon includes both 32- and 64-bit versions for Windows:  Pale Moon for Windows downloads.

Update:  To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.